English
  • magic-link
  • oidc
  • sign-in
  • authentication
  • passwordless

Is magic link sign-in dying? A closer look at its declining popularity

Magic link sign-in is a convenient and secure way to authenticate users. However, its popularity has been declining in recent years. Let's explore the reasons behind this trend and discuss the future of magic link sign-in.

Charles
Charles
Developer

Background

Magic link sign-in has long been hailed as a secure and user-friendly way to authenticate users without passwords. By sending a unique link to the user's email address, magic link sign-in eliminates the need for users to remember complex passwords and provides an additional layer of security.

However, in recent years, the popularity of magic link sign-in has been on the decline. Many products that once offered magic link sign-in as an authentication option have switched to other methods, such as social sign-in or biometric authentication (fingerprint or face recognition), and one-time passwords (OTP).

Couple days ago, I saw someone tweeted that "Magic links are the worst log-in experience ever." And many people agreed and shared their own frustrated experiences with magic link sign-in.

So I began to wonder: why is magic link sign-in falling out of favor?

For those unfamiliar with magic link, here's a brief overview of how it works:

  1. The user enters their email address on the sign-in page.
  2. The server generates a unique token and sends it to the user's email address.
  3. The user clicks on the link in the email, which contains the token.
  4. A browser window opens, and the user is automatically logged in.
  5. For mobile app users, there will be a button on the mobile browser to help navigate them back to the mobile app.

Magic link sign-in offers several advantages over traditional password-based authentication methods:

  1. Easy to use: No need to remember complex passwords.
  2. Secure: Reduces the risk of password-related hacks like phishing or brute-force attacks.
  3. Simple: Good for people who struggling with technology and password management.

It used to be a popular choice for companies looking to provide a seamless and secure authentication experience for their users. But why are there complaints about it now?

The hassle of switching apps

One big reason people don't like magic link any more is that it makes you switch between apps. Imagine you're on a mobile app and you want to sign in. After inputting your email, you will have to switch between the app, your mail app, and the browser, and finally if everything goes well then thank god you're back to the app.

This can be annoying and time-consuming, especially if you're in a hurry or have a slow internet connection. Not to mention sometimes the email just doesn't arrive, or it goes to the spam folder. Those extra steps can easily frustrate users and make them less likely to choose this sign-in method or even use the app.

The rise of other passwordless sign-in methods

Another reason for the decline in magic link sign-in popularity is the rise of other passwordless authentication methods. For example:

  • Biometric authentication has become increasingly popular due to its convenience and security.
  • Social sign-in that allows users to sign in using their existing social media accounts, is another popular alternative to traditional password-based authentication.
  • OTP, which sends a one-time code to the user's phone or email, is also a widely used method, especially when mobile phones can autofill the OTP code for you now.

Password managers and autofill

Password managers, such as 1password, web browsers, etc., have also played a role in the decline of magic link sign-in.

With these password managers, users can securely store and autofill their passwords across different websites and apps, eliminating the need to remember or manually enter passwords. Especially when combined with biometric authentication, the overall user experience is more and more seamless.

While magic link sign-in is still used by many companies, it's definitely facing tough competition and may struggle to stay relevant in the fast-changing world of online security. Do you still remember last time you used magic link to sign in? I honestly don't. So for me and many others, it seems it's indeed dying.

What is your take on this? What is your favorite sign-in method and why? Please feel free to share your thoughts with us.